alt Hacker NewsFrom my experience, Mongo DB's entire raison d'etre is "laziness".
* Don't worry about a schema.
* Don't worry about persistence or durability.
* Don't worry about reads or writes.
* Don't worry about connectivity.
This is basically the entire philosophy, so it's not surprising at all that users would also not worry about basic security.
Replies
aragilar • yesterday at 11:23 PM
Not only that, but authentication is much harder than it needs to be to set up (and is off by default).
winrid • yesterday at 11:32 PM
Although interestingly, for all the mongo deployments I managed, the first time I saw a cluster publicly exposed without SSL was postgres :)
morshu9001 • today at 4:36 AM
I'm sure there are publicly exposed MySQLs too
Thaxll • today at 2:20 AM
Most of your points are wrong. Maybe only 1- is valid'ish.
ddtaylor • today at 1:04 AM
Ultimate webscale!
To the extent that any of this was ever true, it hasn’t been true for at least a decade. After the WiredTiger acquisition they really got their engineering shit together. You can argue it was several years too late but it did happen.